<?php
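session_start();
include "php/config.php";
include "php/anti_injection.php";
include "php/get_ip.php";

/*
 * Customer login handler.
 *
 * Reads "username" and "password" from POST, looks the customer up in
 * mcustomer (active rows only, intStatus = 1), and on success fills the
 * session with the login.*, cart.id and web_setting values, records the
 * login in web_login and redirects to customer/media.php. On failure it
 * stores a message in $_SESSION["login.warning"] and redirects to index.php.
 *
 * NOTE(review): anti_injection() and get_ip() are defined in the included
 * files and are not visible here. Every query that embeds $username relies
 * entirely on anti_injection() for SQL escaping - confirm that it escapes for
 * the active MySQL connection. The mysql_* API has no prepared statements;
 * moving to mysqli/PDO with bound parameters is the durable fix.
 */

// Accept only scalar string fields; a missing key or an array value
// (e.g. username[]=x) is treated as an empty string instead of being
// passed to the sanitiser as null/array.
$raw_username = (isset($_POST["username"]) && is_string($_POST["username"])) ? $_POST["username"] : "";
$raw_password = (isset($_POST["password"]) && is_string($_POST["password"])) ? $_POST["password"] : "";
$username = anti_injection($raw_username);
$password = anti_injection($raw_password);

$check_username = mysql_num_rows(mysql_query("SELECT * FROM mcustomer WHERE vcKode = '$username' AND intStatus = 1"));
if($check_username > 0)
{
	// The hash is taken over the sanitised password, so stored hashes only
	// match if they were produced the same way.
	// NOTE(review): unsalted MD5 is not a password hash. Migrating to
	// password_hash()/password_verify() needs a schema and data change that
	// cannot be done from this file.
	$password_md5 = md5($password);

	// NOTE(review): an empty submitted password matches accounts whose
	// vcMD5Password is NULL, i.e. such accounts can be entered with the
	// username alone. Confirm this is intended.
	if(empty($password))
		$where_password = " AND vcMD5Password IS NULL ";
	else
		$where_password = " AND vcMD5Password = '$password_md5' ";

	$check_password = mysql_num_rows(mysql_query("SELECT * FROM mcustomer WHERE vcKode = '$username' AND intStatus = 1 $where_password"));
	if($check_password > 0)
	{
		$r = mysql_fetch_array(mysql_query("SELECT * FROM mcustomer WHERE vcKode = '$username' AND intStatus = 1"));

		// Issue a fresh session id at the privilege change so that an id
		// known before authentication cannot be reused afterwards
		// (session fixation).
		session_regenerate_id(true);

		// The id is concatenated into SQL below; force it to an integer
		// rather than trusting the column content.
		// Assumes intNomor is an integer key - TODO confirm.
		$customer_id = (int) $r["intNomor"];

		$_SESSION["login.id"]		= $r["intNomor"];
		$_SESSION["login.username"]	= $r["vcKode"];
		// NOTE(review): this keeps the password hash in session storage.
		// Left in place because other pages may read it; remove once
		// confirmed unused.
		$_SESSION["login.password"]	= $r["vcMD5Password"];
		$_SESSION["login.name"]		= $r["vcNama"];
		$_SESSION["login.limit"]	= $r["decPlafon"];

		// Most recently touched active cart; no row leaves cart.id as null.
		$get_cart = mysql_fetch_array(mysql_query("SELECT * FROM web_cart WHERE customer_id = ".$customer_id." AND status = 1 ORDER BY date_modified DESC, date_created DESC"));
		$_SESSION["cart.id"]		= $get_cart ? $get_cart["id"] : null;

		// Copy every web_setting row into the session under its format_code.
		// NOTE(review): a format_code equal to one of the login.* or cart.*
		// keys would overwrite the value set above.
		$get_setting = mysql_query("SELECT * FROM web_setting");
		while($setting = mysql_fetch_array($get_setting))
			$_SESSION[$setting["format_code"]] = $setting["format_setting"];

		// get_ip() may take its value from request headers, which the
		// client controls (presumably - verify in php/get_ip.php), so
		// escape it before it is placed inside the quoted SQL literal.
		$ip = mysql_real_escape_string(get_ip());
		mysql_query("INSERT INTO web_login (user_id,ip_address) VALUES ('".$customer_id."','$ip')");
		die("<meta http-equiv='refresh' content='0;URL=customer/media.php'>");
	}
	else
		$_SESSION["login.warning"] = "Login Gagal: password tidak cocok";
}
else
	// NOTE(review): the two failure messages differ, which tells a caller
	// whether a username exists. A single generic message avoids that.
	$_SESSION["login.warning"] = "Login Gagal: username tidak terdaftar";
die("<meta http-equiv='refresh' content='0;URL=index.php'>");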
?>